NetWare FTP Server Administration Guide for OES


About This Guide 


This guide describes how to configure and use NetWare FTP Server. The guide is intended for end
users and network administrators and is divided into the following sections:

* Chapter 1, "Overview"
* Chapter 2, "Configuring NetWare FTP Server"
* Chapter 3, "Managing and Administering"
* Chapter 4, "Cluster Enabling NetWare FTP Server"
* Chapter 5, "NetWare FTP Server FAQs"
* Appendix A, "NetWare FTP Server Messages"
* Appendix B, "Documentation Updates"


Documentation Updates 

The latest version of this NetWare 6.5 FTP Server Administration Guide is available at the Novell 
documentation Web site (http://www.novell.com/documentation/1g/nw65). 

Documentation Conventions 


In this documentation, a greater-than symbol (>) is used to separate actions within a step and items 
in a cross-reference path. 


A trademark symbol (®, ™, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party
trademark.


When a single pathname can be written with a backslash for some platforms or a forward slash for 
other platforms, the pathname is presented with a backslash. Users of platforms that require a 
forward slash, such as UNIX*, should use forward slashes as required by your software. 


User Comments 


We want to hear your comments and suggestions about this manual and the other documentation 
included with OES. To contact us, use the User Comments feature at the bottom of any page in the 
online documentation. 
Overview

NetWare® FTP Server software provides FTP service for securely transferring files to and from
NetWare volumes. You can perform file transfers from any FTP client by using the NetWare FTP
Server to log into a Novell® eDirectory™ 8.7.3 tree.

After logging in, you can navigate to other NetWare servers in the same eDirectory tree even if they
are not running the FTP service. NetWare FTP Server is based on the standard ARPANET File
Transfer Protocol that runs over TCP/IP and conforms to RFC 959.

This chapter discusses the following topics:

* What's New
* Features of the NetWare FTP Server


1.1 What's New 


* NetWare FTP Server now supports extended functionality for the modification time command.
  This command, mdtm, now allows you to set the last modified date and time for both files and
  directories.

  For details, see Section 3.3.8, "Setting Modification Time," on page 40.

* The new configuration parameter FORCE_PASSIVE_ADDR, which allows the public IP address
  to be exposed in a passive reply to FTP clients, has been added to the configuration file
  etc\ftpserv.cfg.

  For details, see Table 2-1 on page 13.


1.2 Features of the NetWare FTP Server 


The main features of NetWare FTP Server software include the following:

* Secure Login

  Security extensions enable secure FTP clients that support the SSL and TLS mechanisms to
  establish secure connections with NetWare FTP Server.

  See "Security Extensions" on page 29.

* Multiple instances of NetWare FTP Server software

  Multiple instances of NetWare FTP Server software can be loaded on the same NetWare server,
  providing different FTP services to different sets of users.

  See "Initializing Multiple Instances" on page 33.

* FTP access restrictions

  FTP access can be restricted at various levels through various types of access rights.

  See "Specifying Access Restrictions" on page 35.

* Intruder detection

  An intruder host or user who tries to log in using an invalid password can be detected and
  restricted.

  See "Managing Intruder Detection" on page 34.


* Remote server access

  FTP users can navigate and access files from other NetWare eDirectory servers in the same
  eDirectory tree whether or not the remote servers are running NetWare FTP Server software.

  See "Accessing a Remote Server" on page 30 and Table 2-2 on page 18.

* Anonymous user access

  An Anonymous user account can be set up to provide users with basic access to public
  files. Creating several anonymous user accounts with separate rights and contexts is now
  supported.

  See "Creating an Anonymous User" on page 25.

* Special Site commands

  These NetWare-specific commands can be used to change or view some of the NetWare
  server-specific parameters.

  See "Site Commands" on page 31.

* Firewall support

  When the FTP client is behind a firewall and the NetWare FTP Server cannot connect to the
  FTP client, NetWare FTP Server software supports passive mode data transfer and the
  configuration of a range of passive data ports.

  See Table 2-1 on page 13.

* Active Sessions display

  Details of all the active FTP instances at a particular time, such as a list of all instances, details
  of each instance, all sessions in an instance, and all details of each session, can be viewed.

  See "Viewing Active Sessions" on page 39.

* Name space support

  NetWare FTP Server software can operate in both DOS and long name spaces. The FTP user
  can dynamically change the default name space by using one of the Site commands.

  See "Site Commands" on page 31.

* Simple Network Management Protocol error reporting service

  Simple Network Management Protocol (SNMP) traps are issued when an FTP login request
  comes from an intruder host or from a node address restricted through Novell eDirectory. The
  traps can be viewed on the management console.

* FTP logs

  The FTP service maintains a log of various activities: FTP sessions, unsuccessful login
  attempts, active sessions details, and system error and NetWare FTP Server-related messages.

  See "Monitoring FTP Log Files" on page 38.

* Welcome banner and message file support

  NetWare FTP Server software displays a welcome banner when an FTP client establishes a
  connection as well as a message file when a user changes the directory in which the file exists.

  See Table 2-1 on page 13.

* MP Enabled

  The NetWare FTP Server is MP enabled.

* Web-based Administration

  You can configure the NetWare FTP Server using the iManager management utility. Using
  iManager you can now run multiple instances of FTP on a server when separate IP addresses or
  ports are available.

  See Section 2.2, "Configuring Using iManager," on page 21.

* Cluster-enabled

  The NetWare FTP Server can be cluster-enabled for high availability and load balancing.

  See Chapter 4, "Cluster Enabling NetWare FTP Server," on page 45.


* FTP server is now capable of establishing secure connections with secure FTP clients. After
  successful negotiation of the SSL/TLS mechanism, all the commands and replies are encrypted.

  For details, see "Security Extensions" on page 29.

* The NetWare FTP Server has better performance compared to the previous release.

* The following configurable parameters have been included in the configuration file
  etc\ftpserv.cfg:

  * The DATA_BUFF_SIZE parameter enhances the data transfer performance.

  * The DEFAULT_FTP_CONTEXT parameter specifies the default context in which the users
    will be searched.

  * The KEEPALIVE_TIME parameter specifies the timeout time (in minutes) to close the
    connection which might be broken on one side.

  * The PSEUDO_PERMISSIONS parameter, which includes PSEUDO_FILE_PERMISSIONS and
    PSEUDO_DIR_PERMISSIONS, specifies whether the FTP server should send UNIX-type
    permissions or trustee rights for display in the FTP client.

  * The SECURE_CONNECTIONS_ONLY parameter lets you specify only secure FTP
    connections.

* By default, the changes made to the FTP Server configuration and restrictions file now take
  effect dynamically. If required, you can disable the dynamic configuration.

  For more details, see "Dynamic Configuration Updates" on page 25.

* When specifying a configuration file different from the default configuration file located at
  sys:etc\ftpserv.cfg, you can now specify the complete path of the file.

* The error handling is improved when compared to the previous release.

* Invalid configuration parameter values are updated appropriately when dynamic updates are
  enabled, and new configuration-related information and error messages are logged into the log
  files.

* Creating several anonymous user accounts with separate rights and contexts is now supported.

  For more details, see "Creating an Anonymous User" on page 25.

* NetWare FTP Server is highly scalable. It has been tested with 300 clients simultaneously for
  basic file transfer operations.

* NetWare FTP Server can now be used by UNIX clients.

* Ftpstat is moved to secure connection.

  * Viewing FTP statistics over plain http port 2500 is no longer available. Instead it can be
    accessed via the monitor active sessions link in FTP administration through iManager.


Configuring NetWare FTP Server 


Before starting the NetWare® FTP Server software, configure it by setting the configuration
parameters in the configuration file.

You can set the configuration parameters using any one of the following:

* Configuring Using Files
* Configuring Using iManager


2.1 Configuring Using Files

The default configuration file is sys:/etc/ftpserv.cfg. After installing, this configuration file has all
the parameters, commented with their default values.

If you enter a non-integer value for parameters where integer values are required, then the FTP
Server sets the value to 0 or the default value of the parameter if 0 is an invalid value.

If invalid values are entered for parameters in the ftpserv.cfg file, they are replaced by the default
values appropriately.

The following tables describe the parameters in the configuration file along with the default values
and range.

* General Configuration Parameters
* Login Configuration Parameters
* Security Configuration Parameters
* Log Configuration Parameters


Table 2-1 General Configuration Parameters 


Parameter: HOST_IP_ADDR
Default value: IP address of the host
Description: The IP address of the host that the NetWare FTP Server software is being loaded on.

  Make sure that this value is in the standard IP address format and does not exceed 15
  characters. The IP address should be valid and it should not contain any special
  characters such as @ # $ % & * ( ) ? < > ;.

  Range = 0.0.0.0 to 255.255.255.254

Parameter: FORCE_PASSIVE_ADDR
Description: The public IP address to be exposed in a passive reply to FTP clients. This address
  need not bind to the NetWare server. It usually binds to a NAT device which routes between a
  private FTP server and a public FTP client. If commented out or set to 0.0.0.0, FTP Server
  uses the HOST_IP_ADDR.

  Make sure that this value is in the standard IP address format and does not exceed 15
  characters. The IP address should be valid and it should not contain any special
  characters such as @ # $ % & * ( ) ? < > ;.

  Range = 0.0.0.0 to 255.255.255.254.

  Anytime FORCE_PASSIVE_ADDR is used and private clients need to contact the FTP
  server, a separate instance of FTP should be running on a secondary private-side IP
  address, with no public address set by the FORCE_PASSIVE_ADDR.

  This parameter is useful in the following scenarios:

  * When FTP is on a secure connection
  * Where the NAT device is not enhanced to look inside PASV replies to translate
    addresses there
  * Where SSL is in use so the data portion is encrypted and not visible to the NAT device.

Parameter: FTP_PORT
Default value: 21 (Standard FTP port)
Description: The port number that the NetWare FTP Server should bind to and listen for
  connection requests from.

  Range = 0 to 65535

  If the port number value is not within the specified range, then the FTP Server takes
  the default value.

Parameter: MAX_FTP_SESSIONS
Default value: 30
Description: Maximum number of FTP sessions that can be active at any point of time.
  Minimum value is 1.

  Maximum value = 2^31 - 1 (2147483647)

  If this value is set to less than 0, then the FTP Server takes the default value.


Parameter: IDLE_SESSION_TIMEOUT
Default value: 600
Description: The time (in seconds) that any session can remain idle.

  Maximum value = 2^31 - 1 (2147483647)

  The session never times out if the value is set as negative.

Parameter: SECURE_CONNECTIONS_ONLY
Description: Enables only secure FTP connections.

  Specify Yes to enable only secure FTP connections.

Parameter: DEFAULT_NAMESPACE
Default value: Long
Description: The default name space.

  The valid values are DOS and LONG.

Parameter: DATA_BUFF_SIZE
Default value: 64
Description: Specifies the buffer size (in kilobytes) for the file transfer. It is applicable to
  both record and file structures.

  This parameter applies to the commands put, ls, get, and dir.

  Enter the value in the following format:

  DATA_BUFF_SIZE = 64

  Range = 4 to 1020 KB

  If the value is less than 4, then the FTP Server takes the value as 4 KB.

  If the value is greater than 1020, then the FTP Server takes 1020 KB.

  Optimum Buffer Size for Mixed Operations: 64 KB.

  Optimum Buffer Size for Store Operations: Increase the buffer size for large files.

  When setting the value, consider system resources such as memory, network
  bandwidth and speed available.

Parameter: TRANSMITFILE_SUPPORT
Default value: NO
Description: A new parameter TRANSMITFILE_SUPPORT has been added in ftpserv.cfg to
  improve the performance of downloading large files.

  When this parameter is set to YES, the FTP server uses new TransmitFile calls to transfer
  the file to the FTP client. File data is read from the file and directly written to the TCP socket,
  instead of writing to a TCP buffer and then writing it to the socket.

  If the parameter is set to NO, FTP uses the normal data buffer to read data from a file and
  then writes it to the socket.

  The FTP Server uses the TransmitFile interface only while sending data from the
  local volumes to an FTP client.

  Files being received (uploaded) by the FTP server are not impacted by this parameter.

  Record structure file transfer and remote server file transfer are not supported by
  TransmitFile. They will use the existing data buffer transfer mechanism.

Parameter: KEEPALIVE_TIME
Default value: 10
Description: Specifies the timeout time (in minutes) to close the connection which might be
  broken on one side.

  Range = 5 to 120

  If the value is less than 0, then the FTP Server takes the value as 0.

  A value less than or equal to 0 minutes is taken as 0, which means no keep alive check
  is done. A value between 1 and 4 (both inclusive) or greater than 120 minutes is taken
  as 120 minutes.

  Vary the time based on FTP service usage. Typically, 10 minutes is adequate.

  However, for frequently broken connections (as is common with dial-up connections),
  decrease the timeout to clear broken connections faster.

  Some FTP clients might process keep alive packets incorrectly. In such a scenario
  increase or disable the timeout to allow longer sessions without a keep alive check.

Parameter: WELCOME_BANNER
Default value: sys:\etc\welcome.txt
Description: The content of this file displays when the FTP client establishes a connection.

  The path with the filename can contain up to 512 bytes.


Parameter: MESSAGE_FILE
Default value: message.txt
Description: The content of this file displays when the user changes the directory. For this,
  the file with that name must exist in the directory.

  The path with the filename can contain up to 512 bytes.

Parameter: PASSIVE_PORT_MIN
Default value: 1
Description: Minimum port number used for establishing passive data connection.

  Range = 1 to 65534

  If this value is not within the range, then the FTP Server takes the default value.

  If this value is greater than the value specified for the maximum port number, then the FTP
  Server takes the default values of both parameters.

Parameter: PASSIVE_PORT_MAX
Default value: 65534
Description: Maximum port number used for establishing passive data connection.

  Range = 1 to 65534

  If this value is not within the range, then the FTP Server takes the default value.

Parameter: PSEUDO_SERVER_FLAG
Default value: 0
Description: Specifies how the NetWare FTP server should simulate UNIX FTP server behavior.

  It can take decimal values from 0 through 3. This value is converted to binary format and
  each bit is assigned a behavior.

  The LSB (least significant bit) denotes the reply string that is sent for the SYST command.
  If it is set to 1, the string will be UNIX Type: L8. By default, it is NETWARE Type: L8.

  The next bit to the LSB denotes the format that the permissions should be sent to the FTP
  client during a directory listing. If it is set to 1, then UNIX-like format is sent. By default
  the permissions are sent in NetWare trustee rights format.

Parameter: PSEUDO_FILE_PERMISSIONS
Default value: 644
Description: Specifies the pseudo permissions displayed for files in the FTP client. This does
  not impact the actual trustee rights available for the files in any way.

  This parameter is considered only when the PSEUDO_PERMISSIONS parameter is set to
  ON, otherwise this is ignored. The value must be a three digit octal value.
  Maximum value = 777

Parameter: PSEUDO_DIR_PERMISSIONS
Default value: 755
Description: Specifies the pseudo permissions displayed for directories in the FTP client. This
  does not impact the actual trustee rights available for the directories in any way.

  This parameter is considered only when the PSEUDO_PERMISSIONS parameter is set to
  ON, otherwise this is ignored. The value must be a three digit octal value.
  Maximum value = 777

Parameter: DISABLE_PATH_DIR_LISTING
Default value: No
Description: Enables or disables prefixing of the command argument path to the results while
  directory listing.

  Valid Values: Yes, No


Table 2-2 Login Configuration Parameters

Parameter: DEFAULT_USER_HOME_SERVER
Default value: Server where FTP is running
Description: The name of the server that the default home directory is on.

  The path can contain up to 97 bytes.

Parameter: DEFAULT_USER_HOME
Default value: sys:\public
Description: The default home directory of the user.

  The path with the filename can contain up to 512 bytes.

Parameter: IGNORE_REMOTE_HOME
Default value: No
Description: Specifies whether to ignore the home directory set in the Novell eDirectory user
  object, if it is on a remote server, and go to the default directory.

  Valid values = Yes, No

Parameter: IGNORE_HOME_DIR
Default value: No
Description: Specifies whether to ignore the home directory set in the eDirectory user object and
  go to the default directory.

  Valid values = Yes, No

Parameter: DEFAULT_FTP_CONTEXT
Description: Specifies the default context in which the users will be searched. Specify this as
  fully distinguished name (FDN). If you do not set the default FTP context, or if the specified
  context is invalid, then the bindery context of the server, if available, is set as default FTP
  context, otherwise the context of the server object is used.


Parameter: SEARCH_LIST
Description: A list of fully distinguished names of containers (contexts) in which FTP users are
  to be looked for (without any spaces), separated by commas. The length of this
  string including the commas should not exceed 2048 bytes.

  Each context specified by a fully distinguished name must begin with a leading dot (.).

  You can specify a maximum of 30 containers.

  To enable searching the user in the subtree under a search container, append ':s' to the
  search container.

Parameter: RESTRICT_FILE
Default value: sys:\etc\ftprest.txt
Description: NetWare FTP Server can define access restrictions to various levels of users, hosts,
  etc. These restrictions are defined in a file, which can be specified here.

  The path with the filename can contain up to 512 bytes.

Parameter: ANONYMOUS_ACCESS
Default value: No
Description: Specifies whether anonymous user access is allowed.

  Valid values = Yes, No

Parameter: ANONYMOUS_HOME
Default value: sys:\public
Description: The home directory of the anonymous user. The path format is

  volumename:[/directory name/...]

  This path can contain up to 512 bytes.

  If colon (:) does not exist in the anonymous home directory, then the FTP Server takes
  default (sys:/public) to be the anonymous user home directory.

Parameter: ANONYMOUS_PASSWORD_REQUIRED
Default value: Yes
Description: Specifies whether to ask for an E-mail ID as the password for anonymous user to
  log in.

  Valid values = Yes, No


Table 2-3 Security Configuration Parameters

Parameter: INTRUDER_HOST_ATTEMPTS
Default value: 20
Description: The number of unsuccessful log in attempts for intruder host detection.

  The maximum value is 2^31 - 1 (2147483647) attempts.

Parameter: HOST_RESET_TIME
Default value: 5
Description: Time interval (in minutes) during which the intruder host is not allowed to log in.

Parameter: INTRUDER_USER_ATTEMPTS
Default value: 5
Description: The number of unsuccessful login attempts for intruder user detection.

  The maximum value = 2^31 - 1 (2147483647)

Parameter: USER_RESET_TIME
Default value: 10
Description: Time interval (in minutes) during which the intruder user is not allowed to log in.


Table 2-4 Log Configuration Parameters

Parameter: FTP_LOG_DIR
Default value: sys:\etc
Description: The directory where log files are stored.

  This path could contain up to 512 bytes.

  Do not give a filename that ends with a back slash (\) or a forward slash (/). Otherwise the
  log file does not get created.

Parameter: MAX_LOG_SIZE
Default value: 1024
Description: Maximum size (in KB) of the log files up to which messages will be logged.

  Range = 1 to 4194303

Parameter: LOG_LEVEL
Description: Indicates the level of messages logged.

  1 = ERROR
  2 = WARNING
  4 = INFORMATION

  The following combinations can be given:

  3 = ERROR, WARNING
  5 = ERROR, INFORMATION
  6 = INFORMATION, WARNING
  7 = ERROR, WARNING, and INFORMATION

Parameter: FTPD_LOG
Default value: FTPD
Description: The ftpd.log file is created automatically. This file contains all the internal system
  related information that NetWare FTP Server encounters.

  The path with the filename could contain up to 512 bytes.

Parameter: AUDIT_LOG
Default value: FTPAUDIT
Description: The ftpaudit.log file is created automatically. This file contains details of user
  login activities.

  The path with the filename could contain up to 512 bytes.


Parameter: INTRUDER_LOG
Default value: FTPINTR
Description: The ftpintr.log file is created automatically. This file contains details of
  unsuccessful login attempts.

  The path with the filename could contain up to 512 bytes.

Parameter: STAT_LOG
Default value: FTPSTAT
Description: The ftpstat.log file is created automatically. This file contains details of all active
  sessions.

  The path with the filename could contain up to 512 bytes.
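
Because of the fallback rules in the tables above, a value written in ftpserv.cfg is not always the value the server runs with. The following added example (not Novell's code) computes the effective values for a few Table 2-1 parameters and lists settings an administrator would want to review. The `NAME = value` syntax with `#` comments, the underscore spelling of the parameter names, and the sample file contents are assumptions.

```python
import re

# Assumed file syntax: one "NAME = value" per line, '#' starts a comment.
PARAM = re.compile(r"^([A-Z_]+)\s*=\s*(.*)$")


def parse_cfg(text):
    """Return {NAME: raw value} for every uncommented parameter line."""
    params = {}
    for line in text.splitlines():
        match = PARAM.match(line.split("#", 1)[0].strip())
        if match:
            params[match.group(1)] = match.group(2).strip()
    return params


def to_int(raw, default, zero_ok):
    """Section 2.1: a non-integer becomes 0, or the default where 0 is invalid."""
    if raw is None:
        return default
    try:
        return int(raw)
    except ValueError:
        return 0 if zero_ok else default


def effective(params):
    """Apply the Table 2-1 fallback rules; return the values the server runs with."""
    eff = {}
    buff = to_int(params.get("DATA_BUFF_SIZE"), 64, zero_ok=False)
    eff["DATA_BUFF_SIZE"] = min(max(buff, 4), 1020)       # clamped to 4..1020 KB
    keep = to_int(params.get("KEEPALIVE_TIME"), 10, zero_ok=True)
    if keep <= 0:
        keep = 0                                          # no keep-alive check
    elif keep < 5 or keep > 120:
        keep = 120                                        # 1..4 and >120 become 120
    eff["KEEPALIVE_TIME"] = keep
    eff["IDLE_SESSION_TIMEOUT"] = to_int(params.get("IDLE_SESSION_TIMEOUT"), 600, True)
    low = to_int(params.get("PASSIVE_PORT_MIN"), 1, zero_ok=False)
    high = to_int(params.get("PASSIVE_PORT_MAX"), 65534, zero_ok=False)
    low = low if 1 <= low <= 65534 else 1                 # out of range: default
    high = high if 1 <= high <= 65534 else 65534
    if low > high:                                        # MIN > MAX: both defaults
        low, high = 1, 65534
    eff["PASSIVE_PORT_MIN"], eff["PASSIVE_PORT_MAX"] = low, high
    return eff


def findings(params, eff):
    """List settings to review, including values the server silently replaces."""
    def is_yes(name):
        return params.get(name, "").lower() == "yes"

    out = []
    for name, value in eff.items():
        if name in params and params[name] != str(value):
            out.append(f"{name} = {params[name]} is not used; effective value is {value}")
    if not is_yes("SECURE_CONNECTIONS_ONLY"):
        out.append("SECURE_CONNECTIONS_ONLY is not Yes: non-secure sessions are accepted")
    if is_yes("ANONYMOUS_ACCESS"):
        home = params.get("ANONYMOUS_HOME", "sys:/public")
        if ":" not in home:                               # no volume: default home
            home = "sys:/public"
        out.append(f"ANONYMOUS_ACCESS is Yes: anonymous home is {home}")
    if eff["IDLE_SESSION_TIMEOUT"] < 0:
        out.append("IDLE_SESSION_TIMEOUT is negative: idle sessions never time out")
    if eff["KEEPALIVE_TIME"] == 0:
        out.append("KEEPALIVE_TIME is 0: no keep-alive check is done")
    if (eff["PASSIVE_PORT_MIN"], eff["PASSIVE_PORT_MAX"]) == (1, 65534):
        out.append("passive data ports span 1-65534: a firewall must admit the whole range")
    return out


# Constructed sample, not a shipped ftpserv.cfg.
SAMPLE_CFG = """\
HOST_IP_ADDR = 10.0.0.5
#SECURE_CONNECTIONS_ONLY = Yes
DATA_BUFF_SIZE = 2048
KEEPALIVE_TIME = 3
PASSIVE_PORT_MIN = 50100
PASSIVE_PORT_MAX = 50000
ANONYMOUS_ACCESS = Yes
ANONYMOUS_HOME = public
"""

if __name__ == "__main__":
    cfg = parse_cfg(SAMPLE_CFG)
    for line in findings(cfg, effective(cfg)):
        print(line)
```

In the sample, the swapped passive port limits reset both values to their defaults, so the intended 101-port window becomes the full 1 to 65534 range.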


2.2 Configuring Using iManager 


You can use the iManager management utility that NetWare 6.5 provides to configure the NetWare 
FTP Server. 


NOTE: The FTP Server iManager snap-in does not work in the Novell Remote Manager browser. 


2.2.1 Installing FTP in iManager 


Meet the following requirements for the FTP Admin to get installed in iManager:

* Apache Web Server is selected during the NetWare 6.5 install.
* iManager 2.5 is selected during the NetWare 6.5 install.

For more information about installing iManager 2.5, refer to the Novell iManager 2.5 Installation
Guide.

To go to the FTP plug-in, choose the Infrastructure category and click File Protocols > FTP to
launch the FTP Server Administration page. The links under the Infrastructure category and
under All Categories both refer to the same plug-in object on the server.


2.2.2 Configuring FTP Server Settings 


1 In iManager, click the Infrastructure category and click File Protocols > FTP to launch the FTP
  Server Administration page.

  In iManager 2.5, plug-ins are segregated based on the categories they belong to. The FTP plug-in
  can be located in the categories Infrastructure as well as All categories. The FTP link in both
  Infrastructure and All categories points to the same FTP Server Administration page.

  Figure 2-1 FTP Server Administration Page

2 Click the Object selector to select the server where you will administer the FTP Server.

3 (Optional) Click Monitor Active FTP Sessions to view the number of active FTP instances and
  instance details such as IP address, port number, peak bandwidth and the location of the
  configuration file.

4 In the FTP Server Instances section, view the details of the FTP server instances. Use this
  section to select the instance that you want to configure, start, or stop. You can also use it to add
  or delete instances.

5 Click the instance for which you want to configure the parameters.

  You can view the General, User, Security and Log tabs where you can configure the
  parameters.

6 Select the General tab to modify the FTP General parameters.

  Figure 2-2 General Page

  Use the General page to modify parameters related to Multiple Instances, FTP Session, Firewall
  Port Limits for passive connections, and Simulation of UNIX FTP replies. Click Monitor to
  view the active sessions.

7 Select the User tab to modify the FTP User settings.

  Figure 2-3 User Page

  Use this page to modify parameters for FTP login and Anonymous access.

8 Select the Security tab to modify Intruder Detection parameters such as Host and User Intruder
  Detection Settings.

  Figure 2-4 Security Page

9 Select the Log tab to view FTP log files on the server.

  Figure 2-5 Log Settings Page

10 For more information on the parameters, refer to the online help.

11 Click Save to save your settings, click Refresh to display the changes, or click Cancel to retain
   the previous settings.

Managing and Administering

This chapter discusses the following topics:

* Starting NetWare FTP Server
* Using the NetWare FTP Server from an FTP Client
* Administering


3.1 Starting NetWare FTP Server 


Load the NetWare® FTP Server software from the NetWare server using the following command: 
nwftpd 


When you start the software, the NetWare FTP Server uses the IP address of the host
(HOST_IP_ADDR) and the port number (FTP_PORT), as defined in sys:/etc/ftpserv.cfg,
the default configuration file, to bind to and listen for FTP client connection requests.

If these parameters are not defined in the configuration file, the NetWare FTP Server binds to all
configured network interfaces and the standard FTP port (port number 21).


To start the NetWare FTP Server software with a different configuration file (for example, 
myconfig.cfg), enter the following at the command line: 


nwftpd -c [volname:[/dirname/...]]myconfig.cfg 


Default directory = sys:/etc. Default volume = sys:


TIP: FTP Server aborts if the configuration file specified with -c option does not exist. 


3.1.1 Dynamic Configuration Updates 


The nwftpd command supports dynamic configuration updates by default. This means that
changes made to the configuration file with which the server was loaded take effect dynamically. The
administrator need not unload and reload the server for the changes to take effect.


However, it takes some time for the parameter values changed dynamically to take effect. 


Disabling Dynamic Configuration Updates 
To disable the dynamic configuration updates, use the following format: 


nwftpd [-c [volname:[/dirname/...]]myconfig.cfg] -d 


3.1.2 Creating an Anonymous User 


NetWare FTP Server software supports an anonymous user account. This account provides users access
to public files. You can enable or disable access to the anonymous user account by setting the
ANONYMOUS_ACCESS parameter in the configuration file. By default, the parameter is set to
No. Specify the path of the Anonymous user's home directory in the ANONYMOUS_HOME
directory parameter of the configuration file. If the ANONYMOUS_HOME path does not exist,
anonymous login fails and anonymous user will not be placed in sys:\public.


For more details, see Table 2-2 on page 18. 
To create an anonymous user, use the following format: 


nwftpd -a [-c [volname:[/dirname/...]]myconfig.cfg] 


Using -a Option 
When you use the -a option, NetWare FTP Server does the following: 
1. Creates the anonymous user, creates the home directory (if it is not available), and assigns the 
rights to the directory. 


2. On-screen prompts are displayed to enter the administrator name and password. The 
anonymous user is created in the eDirectory™ tree at the default context. 


3. The -a option modifies the configuration file for anonymous user access. 


However, it does not start the NetWare FTP Server. To start the NetWare FTP Server after this
change, reload nwftpd.


4. The configured anonymous home directory displays on the screen with an option to modify it. 


5. If the administrator does not specify a home directory, then the default directory is taken. The 
anonymous user has only Read and File Scan rights to the default directory. If the administrator 
specifies the anonymous home directory, then the directory is created and the Anonymous user 
will get Read, File Scan, Create, Delete, and Modify rights to that directory. 


6. The server takes the anonymous user home directory from the configuration file and displays it 
on the screen with the option to modify the directory. 


Rights 


When you manually create the anonymous user using a method other than nwftpd -a, ensure that the 
anonymous user has adequate rights to the anonymous home directory configured in the FTP Server. 
If adequate rights are not given, the file operations for the anonymous user might fail. 


Password 


The FTP Server assigns a blank password to the anonymous user. When the anonymous user 
attempts to log in, even though the FTP server gets an e-mail account as password, the anonymous 
user is logged on using a blank password. 


The anonymous user login succeeds in the following conditions: 


* When you create the anonymous user using nwftpd -a. 


* When you manually create the anonymous user and assign a password, but leave it blank. 


The anonymous user login fails when you manually create the anonymous user, and when doing so, 
either assign a password that is not blank, or do not assign a password. This is because the FTP 
Server expects a blank password for the anonymous user. 

3.2 Using the NetWare FTP Server from an FTP Client

This section discusses the following:

* Starting an FTP Session
* Security Extensions
* Paths Formats
* Accessing a Remote Server
* Site Commands
* Name Space and Filenames


3.2.1 Starting an FTP Session 


To start an FTP session from a workstation running the FTP client software, use the following
format:

ftp hostname | IP Address [Port Number]

Parameter: hostname | IP Address
Description: Name of the server in the DNS or IP address of the NetWare server running the
  FTP service.

Parameter: Port number
Description: The port where the server is listening for connection requests.

  Use with the open command.

When you enter this command, the FTP client prompts for a username and password.


Logging In to the eDirectory Tree 


You can log in to the NetWare FTP Server in one of the following ways: 


* Specify the username with full context, including a leading dot (.). 

  For example: 

  .user1.sales.company 

  If you do not specify the context, the NetWare FTP Server searches for the user only in the 
  current session context. 


* Specify the context relative to the default context (which is the context of the NetWare server 
  where FTP is running). 

  Relative contexts do not include leading dots. 

  For example, if the default context of NetWare FTP Server is .company, then user1, located 
  in the .sales.company container, can log in using the following format: 

  user1.sales 


When logging in for the first time with only a username, without specifying the context, the 
NetWare FTP Server searches for the user in the following sequence: 


1. Default FTP context. 
2. The first bindery context of the server, if it is set. 
a. The context of the NetWare Server object, if the bindery context is not set. 


b. The contexts listed in the SEARCH_LIST parameter of the configuration file 
ftpserv.cfg, in the order listed. 


When a user login is successful, the NetWare FTP Server context gets set to the user’s context. 
Therefore, when a user is logged in to an FTP session and decides to authenticate as another user 
(without specifying a context) with the command USER username, this new username is searched 
for under the context of the user previously logged in successfully. If the user is not found here, the 
user is searched for in the order of contexts listed in the SEARCH_LIST parameter of ftpserv.cfg. 


If a user with an expired password attempts to log in to the NetWare FTP Server, a message stating 
that the password has expired displays after the user logs in. Logging in with an expired password 
uses the grace logins. If all the grace logins of the user expire, the user cannot log in and receives an 
error message. 


User Home Directory 


After the user logs in, the NetWare FTP Server places the user in the user’s eDirectory home 
directory (if defined) and attaches the user to the server where the home directory resides. 


If the home directory is not defined or cannot be located, the NetWare FTP Server places the user in 
the default user home directory specified in the configuration file. 


To specify the name of the server where the default user home directory is located, use the 
DEFAULT_USER_HOME_SERVER parameter. If the parameter is not specified, by default the 
NetWare FTP Server considers the default user home directory to be on the server where the 
NetWare FTP Server is running. 


A user is placed in the default user home directory under the following conditions: 


* If IGNORE_HOME_DIR = Yes. 

* If IGNORE_REMOTE_HOME = Yes, and the user's home directory is on a remote server. 

* If the remote server on which the home directory exists is down. 


The user without a home directory is placed in 
Default_Home_Server\Default_User_Home directory. If this fails (either because the 
home server is down or the home directory is not present in the home server), then the user is placed 
in Local_server\Default_User_Home. If that fails too (because Default_User_Home is 
not present in the local server either), then the user is placed in Local_server\Sys:public. 


Logging In to a Server Running an IBM Operating System 


To log in to a remote server running an IBM operating system, the user must have a user account on 
that server. 


To log in to the IBM server from an FTP client, start an FTP session using FTPHost. Give the username 
in the following format: 


@IBMservername.username 


To log in to an IBM server from a browser, use the following format: 


ftp://@IBMservername.username:password@FTPHost 


To log in as an anonymous user, the user name and password can be omitted: 


ftp://@IBMservername@FtpHost 


After logging in to an IBM server, the user is placed in the home directory of that IBM server. 


While logging in to an IBM server, the user is not authenticated to the eDirectory tree. So, 
navigation between IBM servers and eDirectory servers is not possible. 


3.2.2 Security Extensions 


Security extensions enable secure FTP clients that support the SSL and TLS mechanisms to establish 
secure connections with the server. 


SSL and TLS are similar to the encryption system used by HTTPS web pages. They provide a secure 
method for sending sensitive information across connections. The control and data connections are 
fully encrypted, so no one can view the FTP commands, username, password, and data transferred, as 
is possible with all unencrypted FTP sessions. 


After successful negotiation of the SSL/TLS mechanism, all the commands and replies are 
encrypted. 


NetWare FTP Server supports the following mechanisms and commands related to security 
extensions: 


* SSL encryption mechanism 
* TLS encryption mechanism 
* Command channel encryption and data channel encryption 
* The following security extension commands: 
    * AUTH Mechanism Name 
    * PBSZ Protection Buffer Size 
    * PROT Protection Level 


FTP Clients 


To use security extensions, use FTP clients that support the SSL/TLS mechanism. 
The following is a representative list of such FTP clients: 


* SmartFTP V1.0 

  This is a secure GUI FTP client. You can download it from the SmartFTP Web site 
  (http://www.smartftp.com). 

* ftps 

  This is a command line FTP client from FreeBSD* that can be installed on Windows and UNIX 
  machines. You can download it from the BSDFTPD-SSL Web site (http://bsdftpd-ssl.sc.ru). 

* Secure FTP 2 

  This is a command line Secure FTP client. You can download it from the GlubTech Inc. Web 
  site (http://www.glub.com/products/secureftp/download.shtml). 


3.2.3 Accessing a Remote Server 


The remote server can be another NetWare server or an IBM server, provided they are in the same 
tree. 


The double slash (//) indicates that the user wants to access a remote server. After the double slash, 
the first entry must be the name of the remote server. 


During remote server navigation, to check which server you are performing FTP operations on, 
execute the quote stat command. This displays the current server in the statistics listing. 


Navigating to eDirectory Servers 


After logging in to the eDirectory™ tree, users can access files and directories on a remote NetWare 
server whether or not the server is running NetWare FTP Server software. 


The NCP™ protocol lets you transfer files and navigate to and from remote eDirectory servers. 


Figure 3-1 How a NetWare FTP Server Accesses Remote NetWare Servers 


To navigate to remote servers, use the following format: 


cd //remote_server_name/volume/directory_pathname 


File operations such as get, put, and delete can be used on the remote server, even without changing 
directory path to that server. For example: 


get //remote_server_name/volume/directory_path/filename 


If the current directory is on a remote server and the remote server goes down, the user is placed in 
the home directory in the home server. If the home server is not available, the user is placed in the 
default user home directory. 


3.2.4 Paths Formats 


Task                                             Command Format 

Specifying the volume and directory path name    //server_name/volume_name/directory_path 
Navigating to different volumes                  cd /volume_name 
Switching back to the home directory             cd ~ 
Switching to home directory of any user          cd ~user_name 
Switching to the root of the server              cd / 


IMPORTANT: NetWare FTP Server does not support wildcards at the root of the server. 


3.2.5 Site Commands 


The SITE command enables FTP clients to access features specific to the NetWare FTP Server. 


The SITE command has the following syntax: 


SITE [SLIST | SERVER | HELP | CX {CONTEXT} | LONG | DOS | OU] 


NOTE: The settings made through SITE commands are valid only for the current session. 


These commands are unique to the NetWare FTP service and are not standard FTP commands. 


The following table lists the SITE commands along with their descriptions: 


Command   Description 

SLIST     Lists all the NetWare servers within the eDirectory tree. 

SERVER    Lists all NetWare servers in the current eDirectory context and its sub-OUs. 
          For example, SITE SERVER displays all NetWare servers in the current context. 

HELP      Displays the help file related to the SITE commands. It gives the syntax and 
          description of all SITE commands. 

CX        CX without a context displays the current context of the NetWare FTP Server. 

          CX with a context as an argument sets the current eDirectory context to the 
          given value. For example: 

          To change to an OU named "test" within the current context, use "cx ou=test" 
          (which specifies a relative context). 

          cx .ou=test.o=acme sets the context to the OU test using the absolute context. 

          CX with the argument ~ resets the context back to the user's context. 

OU        Displays all the organizational units relative to the current context. 

          OU enables users to display the eDirectory organizations (containers) below the 
          current eDirectory context. 

LONG      Changes the configured name space to the LONG name space. 

DOS       Changes the configured name space to the DOS name space. This change takes place 
          only for the current session. All NetWare volumes support the DOS name space. 


3.2.6 Name Space and Filenames 


NetWare FTP Server software supports the DOS and LONG name spaces. The default name space is 
configured in the configuration file. FTP users can also change it dynamically using the SITE DOS 
command or the SITE LONG command. 


NOTE: The name space changed using Site command is in effect only in the current session. 


The default configured name space is LONG. 


When the user changes the name space, the change affects only those volumes that support the 
specified name space. If the LONG name space is not supported on a specific volume, users must 
follow the DOS file naming conventions of using no more than eight characters for the name plus no 
more than three additional characters for the extension. 


In both name spaces, the user views the response to the ls or dir command in the NetWare format 
only. The format of the directory listing is as follows: 


type rights owner size time name 


where the above variables stand for the following: 


* Type: Type of file, where (-) indicates a file and (d) indicates a directory. 

* Rights: The file owner's effective NetWare rights to this file or directory. 

* Owner: NetWare user who created this file or directory. If the mapping between the object and the 
  owner's name is not found, the object ID is displayed. 

* Size: The size, in bytes, of the file or directory. For a directory, it is always 512. 

* Time: The modification date and time of the file or directory. 

* Name: The name of the file or directory in the current name space. 


3.3 Administering 


This section discusses various ways to administer the NetWare FTP Server: 


* Supporting Extended Characters in a User Password (page 33) 

* Initializing Multiple Instances (page 33) 

* Unloading Specific Instances (page 34) 

* Managing Intruder Detection (page 34) 

* Specifying Access Restrictions (page 35) 

* Monitoring FTP Log Files (page 38) 

* Viewing Active Sessions (page 39) 

* Setting Modification Time (page 40) 

* SubTree Search Support (page 41) 


3.3.1 Supporting Extended Characters in a User Password 


Users will be unable to log in if a password containing extended characters is set from a Windows 
workstation, for example, from iManager. This is because of code page differences between the 
server and the client. 


To ensure that the user login is successful, you need to set a password with extended characters from 
the server console. 


3.3.2 Initializing Multiple Instances 


Multiple instances of the NetWare FTP Server can run on a single machine with different IP 
addresses or port numbers. 


You can initialize multiple instances of the NetWare FTP Server if each instance of the NetWare 
FTP Server has a unique IP address and port number combination. Each NetWare FTP Server 
instance can have its own configuration file and access restrictions file. 


The NetWare FTP Server uses the IP address of the host (HOST_IP_ADDR) and the port number 
(FTP_PORT) as defined in the configuration file to bind to and listen for FTP client connection 
requests. You can specify the configuration file while starting the NetWare FTP Server. If these 
parameters are not defined in the configuration file, the NetWare FTP Server listens on the standard 
FTP port number on all of the NetWare Server's IP addresses. 


If multiple instances of NetWare FTP Server (NWFTPD) are running and you need to set the 
FORCE_PASSIVE_ADDR parameter (non-default), then any instance where this is set must have a 
unique value. 


If one instance of NetWare FTP Server is listening on multiple addresses and the configured passive 
address is not reachable from clients on some networks, then the admin can configure separate 
instances of FTP for each network address. Each instance can then have its own 
FORCE_PASSIVE_ADDR setting. 


For more details, see Table 2-1 on page 13. 


3.3.3 Unloading Specific Instances 


You can unload specific instances of NetWare FTP Server corresponding to the specified 
configuration file, using the following syntax: 


nwftpd -u [volname: [/dirname/...]] myconfig.cfg 


Default directory = sys:/etc. Default volume = sys: 


3.3.4 Managing Intruder Detection 


You can enable either host or user intruder detection at a time. 


For example, INTRUDER_HOST_ATTEMPTS can be disabled (set to 0) while 
INTRUDER_USER_ATTEMPTS is enabled (set to 1 or higher). 


If a successful login takes place before the maximum specified number of unsuccessful login 
attempts is reached, the login failure count is reset to 0. 


If the invalid login attempts of a user or host number fewer than the maximum attempts allowed, so 
that it is not detected as an intruder, it is removed from the corresponding list after the refresh 
time of 72 hours. 


The intruder host and intruder user lists are refreshed every 72 hours. 


Host Intruder Detection 


A host or a client machine is considered an intruder when the number of consecutive login failures 
for any user from that host is more than the configured limit set by the 
INTRUDER_HOST_ATTEMPTS parameter. 


What Happens When the Host Is Identified As an Intruder 


* The server closes the session. 


* The host machine's access to the NetWare FTP Server is denied for the time interval specified by 
  the HOST_RESET_TIME parameter in the configuration file. 


User Intruder Detection 


A user is considered an intruder when the number of unsuccessful login attempts is more than the number 
specified by the INTRUDER_USER_ATTEMPTS parameter in the configuration file. 


Failed attempts by the same user from different hosts are all counted against that user for 
intruder detection. When the accumulated attempts for the same user from different hosts exceed the 
maximum attempts, that user is detected as an intruder. 


What Happens When the User Is Identified As an Intruder 


* The user account is locked out for an interval of time specified by the USER_RESET_TIME 
  parameter in the configuration file. 


* The user cannot log in from a different host until the reset time is over. 


3.3.5 Specifying Access Restrictions 


The FTP service lets you specify access restrictions for a user, a client host, and the IP address of a 
client host. The access restrictions are specified in the restrictions file (RESTRICT_FILE), which can 
be configured. You can specify the access restrictions at various levels, and multiple access rights are 
allowed. 


By default, changes to the RESTRICT_FILE take effect dynamically. However, when objects 
restricted in the ftprest.txt file are renamed in eDirectory™, these objects must be synchronized 
manually in the ftprest.txt restriction file. 


Restriction Levels 


The following table describes the supported levels of access restrictions. 


Restriction Level   Description 

Container           Restriction can be specified for any eDirectory container. This 
                    controls all the users in that container and its sub-OUs. 

                    *container_name 

                    The asterisk (*) indicates the container level restriction. The 
                    container should be a fully distinguished name. 

                    If the container names have aliases, then to apply the 
                    restrictions to them, add the alias of the container names in 
                    the restrictions file. 

User                Restriction can be specified for a particular user. 

                    .user_name 

                    The period (.) indicates user level restriction. The username 
                    should be a fully distinguished name. 

                    If the user names have aliases, then to apply the restrictions 
                    to them, add the alias of the user names in the restrictions file. 

Domain              Restriction can be specified at the domain level. This controls 
                    all the hosts in that domain and its sub domains. The following 
                    is the RESTRICT file format: 

                    DOMAIN=domain_name 

                    The DOMAIN= key word indicates the domain level 
                    restriction. 

                    The domain restrictions do not work if the NetWare server is 
                    not configured to query a valid DNS server, or if the restricted 
                    domain's DNS database does not contain a pointer record 
                    (address to name resolution) for the FTP client address. 

Address Range       Restriction can be specified based on the IP address or 
                    range. 

                    Restricts any node that has the IP address within the 
                    specified IP address range. The range is specified by two IP 
                    addresses separated by a space. The range = 0.0.0.0 to 
                    255.255.255.254. The value 255.255.255.255 is invalid since 
                    255.255.255.255 is a broadcast address and not supported 
                    for ADDRESS_RANGE. 

Host                Restriction can be specified for a particular host machine. 

                    ADDRESS=host_name/IP_address 

                    The ADDRESS= key word indicates the host level restriction. 
                    The host name or IP address of the host can be specified. 

                    The DNS configuration should be proper for address and 
                    domain name restrictions. 


Access Rights 


The following table describes the permitted access rights. 


Access Right   Description 

DENY           Denies access to the NetWare FTP Server for that client. 

READONLY       Gives read-only access to the client. 

NOREMOTE       During login, the NetWare FTP Server determines the user's home 
               server / home directory. The user is unable to navigate outside the 
               home server. 

               NOTE: The home server can be different from the server where 
               NetWare FTP Server is running. 

GUEST          During login, the NetWare FTP Server determines the user's home 
               server / home directory. The user is unable to navigate outside of the 
               home directory. 

               NOTE: The home server can be different from the NetWare FTP 
               Server. 

ALLOW          Gives normal FTP access without restriction. 


Keywords 


The following table describes the possible keywords. 


Keyword          Description 

ADDRESS=         Restricts a particular node. The IP address or machine name can 
                 be used. 

DOMAIN=          Restricts a particular Domain. 
                 The asterisk (*) should be used for container level restrictions. 

ADDRESS_RANGE=   Restricts a range of nodes based on the IP Address. It applies the 
                 restriction to any node that has the IP Address within the specified 
                 IP address range. 

ACCESS=          Is mandatory for each line. It should be followed by access rights. 


Restrict File 


The format and organization of the restrict file is as follows: 


* Each line should have one entity name and corresponding access rights. 

* The rights of the entities are assigned according to the order of the RESTRICT file. If different 
  rights apply to the same entity, the latest entries that appear in the RESTRICT file are taken. 

* All rights specified in the same line are applied to that entity. 

* If the RESTRICT file does not exist or is empty, the ALLOW access is given to all users. Users 
  have no restrictions other than those imposed by their own effective trustee rights to the file 
  system. 


Example 1 


*.novell ACCESS=ALLOW 
*.testou.novell ACCESS=DENY 
.user1.testou.novell ACCESS=READONLY 


User1 at testou is granted read-only rights. The other users at testou.novell are denied the right to log 
in. However, all other OUs at .novell are allowed. 


Example 2 


*.testou.novell ACCESS=DENY 
*.novell ACCESS=ALLOW 


All OUs at .novell are allowed because both rights apply to testou and the later one is taken. 


Example 3 


ADDRESS=Clientmachine1.testou.novell.com ACCESS=NOREMOTE 
.user1.novell ACCESS=READONLY 


The user1 logging in from clientmachine1 will have read-only and no remote access. 


For more details, see Table 2-2 on page 18 
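

The ordering rules and Examples 1 to 3 above can be checked mechanically before a restrictions file is deployed. The following is an added example, not part of the original guide and not NetWare FTP Server code: it models one reading of the rules in which user and container lines are resolved in file order with the last match winning, ADDRESS= lines are resolved the same way, and the two results are combined. The function names, the comma separator for several rights on one line, and the case-insensitive matching are assumptions; DOMAIN= and address-range lines are parsed but not evaluated.

```python
# Added example: a model of ftprest.txt evaluation, not NetWare FTP Server code.
import re

RIGHTS = {"DENY", "READONLY", "NOREMOTE", "GUEST", "ALLOW"}

# The three examples from this section, embedded so the block runs offline.
EXAMPLE_1 = """\
*.novell ACCESS=ALLOW
*.testou.novell ACCESS=DENY
.user1.testou.novell ACCESS=READONLY
"""
EXAMPLE_2 = """\
*.testou.novell ACCESS=DENY
*.novell ACCESS=ALLOW
"""
EXAMPLE_3 = """\
ADDRESS=Clientmachine1.testou.novell.com ACCESS=NOREMOTE
.user1.novell ACCESS=READONLY
"""


def parse_restrict_file(text):
    """Return (kind, name, rights) tuples in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = re.search(r"\s+ACCESS=(.*)$", line, re.IGNORECASE)
        if match is None:
            raise ValueError(f"ACCESS= is mandatory on each line: {raw!r}")
        entity = line[:match.start()].strip()
        # Assumption: several rights on one line are separated by commas.
        rights = frozenset(r.strip().upper() for r in match.group(1).split(",") if r.strip())
        if not rights or rights - RIGHTS:
            raise ValueError(f"unknown access right in: {raw!r}")
        if entity.startswith("*"):
            kind, name = "container", "." + entity[1:].strip().lstrip(".")
        elif entity.startswith("."):
            kind, name = "user", entity
        elif entity.upper().startswith("ADDRESS="):
            kind, name = "host", entity[len("ADDRESS="):].strip()
        else:
            kind, name = "unmodelled", entity  # DOMAIN= and address-range lines
        entries.append((kind, name.lower(), rights))
    return entries


def effective_rights(entries, user_fdn, client_host):
    """Rights for a fully distinguished user name logging in from client_host."""
    user, host = user_fdn.lower(), client_host.lower()
    identity, origin = frozenset(), frozenset()
    for kind, name, rights in entries:
        if (kind == "user" and name == user) or (kind == "container" and user.endswith(name)):
            identity = rights  # a later matching line replaces the earlier one
        elif kind == "host" and name == host:
            origin = rights
    combined = identity | origin
    if "DENY" in combined:
        return frozenset({"DENY"})
    # No matching line, or an empty file, leaves plain ALLOW.
    return (combined - {"ALLOW"}) or frozenset({"ALLOW"})


def overridden_lines(entries):
    """Entries whose rights are replaced by a later line for an enclosing container."""
    found = []
    for i, (kind, name, rights) in enumerate(entries):
        if kind not in ("user", "container"):
            continue
        for later_kind, later_name, later_rights in entries[i + 1:]:
            if later_kind == "container" and name.endswith(later_name) and later_rights != rights:
                found.append((name, later_name))
                break
    return found


if __name__ == "__main__":
    for label, text in (("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2)):
        entries = parse_restrict_file(text)
        print(label, sorted(effective_rights(entries, ".user2.testou.novell", "10.0.0.5")),
              "overridden:", overridden_lines(entries))
```

Running overridden_lines over a candidate file before deployment surfaces the Example 2 situation, where a DENY placed above a broader ALLOW has no effect.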


3.3.6 Monitoring FTP Log Files 


The NetWare FTP Server has four log files for recording different activity information. All the log 
files are created in the FTP_LOG_DIR directory specified in the configuration file. 


The LOG_LEVEL parameter defined in the configuration file controls the amount and type of 
information logged. 


All the log files now support comma delimited format for log messages. 


Specifying Log Levels 


The log levels are bit values that can be given in any combination: 


* 1 = ERROR 
* 2 = WARNING 
* 4 = INFO 


Log Level                 Combination Logged 

LOG_LEVEL = 3             Error messages and warning messages. 
LOG_LEVEL = 4             Error messages and warning messages. 
LOG_LEVEL = 7 (Default)   All messages are logged. 


The MAX_LOG_SIZE parameter specifies the maximum size of the log files (in KB), up to which 
messages can be logged. After exceeding this limit, the existing contents of log files are copied to 
the corresponding backup (*.bak) files. 


Statistics Log File 


The statistics log file contains details of all active sessions. The default path is 
sys:/etc/ftpstat.log. 


The statistics log file maintains the following three record types. Every record type is separated by a 
comma. 


* TRANSFER: Contains information related to the data transfer. 
* USER: Contains information related to users logged in/out. 


* FAILURE: Contains information about the number of failures during data transfer. 


Intruder Log File 


The intruder log file contains information about unsuccessful login attempts. The default path is 
sys:/etc/ftpintr.log. 


The following information is recorded in the file: 


* Address of the machine where the login originated 


* Time of the attempted access 

* Login name of the user 


The general intruder log format is 


ErrorLevel, Date Time, Client IPaddress, UserName, message 


System Log File 


The system log file contains all the internal system-related information encountered by the NetWare FTP 
Server. 


The general system log file format is 


Error, Thread ID, Date Time, Message 


For more details, see Table 2-4 on page 20. 


3.3.7 Viewing Active Sessions 


To load the Active Sessions display utility, click on the monitor active sessions link in iManager. 


Figure 3-2 Active Session Display 


Figure 3-3 Session-based Details 


You can view session-based details such as bytes sent, bytes received, session duration, files sent, 
files received, and current Novell® eDirectory™ 8.7.3 context. These details are not tied to 
individual user logins. 


These statistics-related pages time out every 20 minutes. To reload them, click the 
monitor active sessions link again. 


3.3.8 Setting Modification Time 


NetWare FTP Server now supports extended functionality for the modification time command. This 
command, mdtm, now allows you to set the last modified date and time for both files and 
directories. 


Previously, the mdtm command functionality was limited to retrieving the last modified date and 
time of a file only. 


The command syntax is as follows: 


mdtm [timestamp] pathname 


* The format for the optional timestamp is YYYYMMDDHHMMSS. 

* The timestamp is required only when setting the modified date and time of the target. 

* FTP Server considers the timestamps set or retrieved to be in server local time. 

* The pathname can be any existing file or directory on the server. You can use relative and 
  absolute paths. 

* FTP Server supports and accepts pathnames that either begin with spaces or include spaces. 
  However, use spaces in file and directory names with caution because the handling of 
  spaces in these names varies with each FTP client. Certain FTP clients do not handle spaces 
  well when they parse the user's command prior to sending it to the server, and some clients 
  may handle this better if the pathname is enclosed in double quotes. 

  For example: 

  " pathname" 


FTP Client Response 


If the FTP client does not recognize the mdtm command, then the client software might reject the 
command that the user enters and might not forward it to the server. 


To ensure the client forwards the mdtm command to the server, enter a customized quote command 
in the following format: 


quote MDTM [timestamp] pathname 


Most FTP clients view the quote command as a signal that they should send the rest of the line to the 
FTP server even if the client software does not recognize it. 


However, some clients might change spaces and quotation marks within the quote command, so 
successful execution on paths or names containing spaces might not be possible from some FTP 
clients. 


3.3.9 SubTree Search Support 


FTP server now supports SubTree searching while looking for user objects under specified contexts. 


To enable subtree search, add the delimiter ':s' to the end of the context in the SEARCH_LIST 
parameter in the ftpserv.cfg file. The FTP server then searches the context and all sub-containers. 
If ':s' is not added to a context, the search is done only within the specified context. 


The contexts in the list should be specified in the preferred search order. 


For example: 


SEARCH_LIST=.accounting.boston.novell:s,.development.boston.novell:s,.boston.novell 


Here the search begins for user objects in .accounting.boston.novell and in the subtree below. If the 
user is not found under this subtree, the search continues under .development.boston.novell and in 
the subtree. If the user is not found, .boston.novell is searched again, without searching any further 
sub-containers. 


The subtree search is performed by ndsilib.nlm. This module accesses the tree through the user 
object 'nfauuser'. This user is normally created during NetWare 6.5 install, for use by Native File 
Access for Unix (NFS), but can also be created by loading schinst -n at the server console. 


The load sequence in the autoexec.ncf file should be changed to load ftpstart.ncf 
first. Alternatively, if nfsstart.ncf is remarked out because NFS is not being used, load 
ndsilib.nlm before ftpstart.ncf. 


For more information on this utility please refer to online documentation on Native File Access for 
Unix (http://www.novell.com/documentation/oes/pdfdoc/native/native.pdf). 


Any duplicate contexts in the SEARCH_LIST will be eliminated and the modified list will be noted 
in the ftpd.log file. 


Context duplication will be checked according to the order specified in SEARCH_LIST. That is, if 
a parent context has subtree search enabled, all the subsequent child contexts specified in the 
SEARCH_LIST will be eliminated irrespective of whether they are specified for subtree search or 
one-level search. 


For example: 


SEARCH_LIST=.boston.novell:s,.accounting.boston.novell:s,.development.boston.novell 


In the above case both the contexts, .accounting.boston.novell and .development.boston.novell, will 
be eliminated from the list as .boston.novell is the parent and is specified for subtree search. 


However, a parent context which is specified after a child context will not be eliminated. This allows 
searches to resolve more quickly by specifying smaller areas with frequently used user populations 
before a larger subtree search is done. 


For example: 


SEARCH_LIST=.development.boston.novell:s,.accounting.boston.novell,.boston.novell:s 


In this case, none of the contexts will be eliminated. The development subtree will be searched, then 
if no match is found, the accounting container is searched. If a match is not found, an entire subtree 
search of boston.novell will be done. 


If a problem prevents the use of ndsilib for subtree searching, the FTP server will treat each 
context in the SEARCH_LIST as a plain, single-level search context. 


NOTE: The current SEARCH_LIST in use will always be noted in the ftpd.log file. In 
troubleshooting, it may be useful to compare the intended SEARCH_LIST in ftpserv.cfg with 
the effective result in ftpd.log. 


When the process of locating a user object depends upon a subtree search, the user should submit 
only the user name upon login. Submitting a relative or partial context with the user name will not 
be successful in a subtree search. Submitting a full context, beginning with a leading dot (.) is 
recommended as this does not rely on a subtree search. 


For example: 


.user1.boston.novell 


If a context name contains the delimiter itself (:s), it should be preceded by a backslash, 
irrespective of whether it is specified for subtree search or for context level search. 


For example: 


SEARCH_LIST=.north\:south 


where the eDirectory™ container object name is .north:south. 


When a user is found, the FTP session's context is set to the context where the user was found. 
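

The elimination and ordering rules above decide which user object a bare login name resolves to, so it helps to compute the effective list before comparing it with ftpd.log. The following is an added example, not part of the original guide and not the ndsilib.nlm logic: it parses a SEARCH_LIST value, applies the duplicate and parent-subtree elimination described in this section, and resolves a name against a small constructed directory. The function names, the sample user objects, and the treatment of a repeated context name as a duplicate regardless of its ':s' setting are assumptions.

```python
# Added example: models the SEARCH_LIST rules of this section; not Novell's code.

# SEARCH_LIST values taken from the three examples in this section.
LIST_A = ".accounting.boston.novell:s,.development.boston.novell:s,.boston.novell"
LIST_B = ".boston.novell:s,.accounting.boston.novell:s,.development.boston.novell"
LIST_C = ".development.boston.novell:s,.accounting.boston.novell,.boston.novell:s"

# Constructed user objects (fully distinguished names) for the demonstration.
DIRECTORY = {
    ".jsmith.payroll.accounting.boston.novell",
    ".jsmith.temps.development.boston.novell",
    ".jsmith.boston.novell",
    ".adavis.qa.development.boston.novell",
    ".mchan.sales.boston.novell",
}


def parse_search_list(value):
    """Split a SEARCH_LIST value into (context, subtree) pairs.

    A trailing ':s' enables subtree search unless the colon is escaped
    with a backslash, in which case it is part of the container name.
    """
    parsed = []
    for token in value.split(","):
        token = token.strip()
        if not token:
            continue
        subtree = token.endswith(":s") and not token.endswith("\\:s")
        if subtree:
            token = token[:-2]
        parsed.append((token.replace("\\:", ":"), subtree))
    return parsed


def effective_search_list(value):
    """Drop exact duplicates and children of an earlier subtree-enabled parent."""
    kept = []
    for name, subtree in parse_search_list(value):
        key = name.lower()
        covered = any(
            key == k.lower() or (k_subtree and key.endswith(k.lower()))
            for k, k_subtree in kept
        )
        if not covered:
            kept.append((name, subtree))
    return kept


def resolve_login(username, value, directory):
    """Return (search context, matching FDNs) for the first context that holds the name."""
    prefix = "." + username.lower()
    for context, subtree in effective_search_list(value):
        ctx = context.lower()
        matches = sorted(
            fdn for fdn in directory
            if fdn.lower().startswith(prefix + ".")
            and fdn.lower().endswith(ctx)
            and (subtree or fdn.lower() == prefix + ctx)
        )
        if matches:
            return context, matches
    return None, []


if __name__ == "__main__":
    for label, value in (("A", LIST_A), ("B", LIST_B), ("C", LIST_C)):
        print(label, effective_search_list(value), resolve_login("jsmith", value, DIRECTORY))
```

With LIST_B the name jsmith matches three objects in one subtree search; more than one match for a login name is worth reviewing, because the list order and scope then decide which account the password is checked against.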


3.4 Security Guidelines 


The following security guidelines and best practices are essential to ensure a secure environment for 
FTP Server. 


3.4.1 Security Configuration 


Configure the following parameters in the ftpserv.cfg file to protect the FTP environment. 


Table 3-1 FTP Parameters and their recommended values 


SECURE_CONNECTIONS_ONLY 
    Recommended value: YES 
    Default value: NO 
    Reason for recommendation: If this parameter is set to YES, only secure connections from FTP 
    clients will be supported. So you can only use FTP clients that support secure connections 
    with this setting. The advantage of using this is that control channel information like 
    username, passwords, etc. is encrypted and hence protected from spoofing and sniffing. 
    Optionally, the data channel also can be encrypted, if the client chooses to do so. Refer 
    to Section 3.2.2, “Security Extensions,” on page 29 for details on security mechanisms 
    supported by NetWare FTP server. 

INTRUDER_HOST_ATTEMPTS 
    Recommended value: 20 
    Default value: 20 
    Reason for recommendation: If this value is set to 0, host intruder detection will be 
    disabled, which is not advisable. 

INTRUDER_USER_ATTEMPTS 
    Recommended value: 5 
    Default value: 5 
    Reason for recommendation: If this value is set to 0, user intruder detection will be 
    disabled, which is not advisable. 

MAX_FTP_SESSIONS 
    Recommended value: 30 
    Default value: 30 
    Reason for recommendation: Setting this to a lower value limits the concurrent FTP 
    connections allowed to the server. This is useful if a denial of service attack is mounted; 
    the scope for exploitation is limited. 

IDLE_SESSION_TIMEOUT 
    Recommended value: 180 
    Default value: 600 
    Reason for recommendation: It is recommended to specify a small value because if the system 
    remains idle for a long time, it could result in malicious attacks. 

ANONYMOUS_ACCESS 
    Recommended value: NO 
    Default value: NO 
    Reason for recommendation: To avoid a denial of service attack in which the 
    MAX_FTP_SESSIONS limit is used up by anonymous sessions alone. 

It is also recommended that you set restrictions for hosts, containers, users, domain, IP Addresses 
and IP Address range, in the ftprest.txt file. By default no restrictions are set. 
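
One way to check a copy of ftpserv.cfg against Table 3-1, as an added example that is not part of the Novell guide or its tooling. It assumes one NAME = VALUE setting per line with # comments, applies the table's default when a parameter is absent, and treats numeric values above the recommended one as findings; those choices and the function names are this example's assumptions.

```python
"""Added example: check ftpserv.cfg settings against Table 3-1."""
import re

# parameter: (recommended value, default value, rule), all taken from Table 3-1.
TABLE_3_1 = {
    "SECURE_CONNECTIONS_ONLY": ("YES", "NO", "exact"),
    "INTRUDER_HOST_ATTEMPTS": ("20", "20", "threshold"),
    "INTRUDER_USER_ATTEMPTS": ("5", "5", "threshold"),
    "MAX_FTP_SESSIONS": ("30", "30", "ceiling"),
    "IDLE_SESSION_TIMEOUT": ("180", "600", "ceiling"),
    "ANONYMOUS_ACCESS": ("NO", "NO", "exact"),
}

# Assumed file syntax: one NAME = VALUE pair per line, '#' starts a comment.
SETTING_RE = re.compile(r"^\s*([A-Za-z_]+)\s*=\s*(\S.*?)\s*$")


def parse_cfg(text):
    """Return {PARAMETER: VALUE}; a later line overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        match = SETTING_RE.match(line.split("#", 1)[0])
        if match:
            settings[match.group(1).upper()] = match.group(2).upper()
    return settings


def check(rule, value, recommended):
    """Return a problem description, or None when the value is acceptable."""
    if rule == "exact":
        return None if value == recommended else "differs from the recommended value"
    if not value.isdigit():
        return "not a whole number"
    number, limit = int(value), int(recommended)
    if number == 0:
        if rule == "threshold":
            return "0 disables intruder detection"
        return "0 is not covered by the table; review manually"
    if number > limit:
        # Assumption of this example: a larger value is the weaker setting.
        return "higher than the recommended value"
    return None


def audit(text):
    """List (parameter, effective value, recommended value, problem) tuples."""
    settings = parse_cfg(text)
    findings = []
    for name, (recommended, default, rule) in TABLE_3_1.items():
        value = settings.get(name, default)  # absent parameter: default applies
        problem = check(rule, value, recommended)
        if problem:
            source = "set in file" if name in settings else "default in effect"
            findings.append((name, value, recommended, f"{problem} ({source})"))
    return findings


# Constructed sample for this example, not taken from a real server.
SAMPLE_CFG = """\
SECURE_CONNECTIONS_ONLY = NO
INTRUDER_HOST_ATTEMPTS = 0      # intruder detection switched off
INTRUDER_USER_ATTEMPTS = 5
MAX_FTP_SESSIONS = 30
ANONYMOUS_ACCESS = YES
"""

# Constructed sample that follows every recommendation in Table 3-1.
HARDENED_CFG = """\
SECURE_CONNECTIONS_ONLY = YES
INTRUDER_HOST_ATTEMPTS = 20
INTRUDER_USER_ATTEMPTS = 5
MAX_FTP_SESSIONS = 30
IDLE_SESSION_TIMEOUT = 180
ANONYMOUS_ACCESS = NO
"""

if __name__ == "__main__":
    for name, value, recommended, problem in audit(SAMPLE_CFG):
        print(f"{name}: {value} (recommended {recommended}): {problem}")
```

IDLE_SESSION_TIMEOUT is reported for the first sample even though the file never mentions it, because the default of 600 is then in effect.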


3.4.2 Security Best Practices 


The following best practices can help in a more secure FTP setup:


* It is a good practice to check the log files on a regular basis. The log files that you need to check
are:


ftpaudit.log 
ftpstat.log 
ftpintruder.log 
ftpd.log 


These files contain details about user activities, statistics, intruders, and other information and 
error messages. 


* It is recommended that FTP Server access is restricted to users by making the relevant
configuration in the ftprest.txt file. To restrict access to remote server navigation for a
user, set ACCESS=NOREMOTE in the ftprest.txt file.


NOTE: While using iManager to administer FTP server, the FTP administrator has access/rights
to the configuration and statistics of all the FTP servers in the tree.

Cluster Enabling NetWare FTP Server


You can configure NetWare® FTP Server in either active/active or active/passive mode of
Novell® Cluster Services™.


To optimally utilize the services of cluster enabled NetWare FTP Server, we recommend using FTP 
clients with the Reconnect option. 


Using iManager, you can select any server in the eDirectory tree using the Object Selector and 
administer the FTP Server on that Server. 


4.1 Prerequisites 


* NetWare FTP Server is installed on every server in the cluster


* Novell Cluster Services is installed and set up


For step-by-step information on setting up Novell Cluster Services, refer to Installation and 
Setup (http://www.novell.com/documentation/oes/cluster_admin/data/hc8jxt45.html#hc8jxt45) 
in the OES Novell Cluster Services 1.8 Administration Guide for NetWare. 


Figure 4-1 Cluster Objects 

4.2 Cluster Enabling for the First Time


4.2.1 Active/Passive Mode


In the active/passive cluster mode, NetWare FTP Server runs on only one node in the cluster at a 
time. For example, if the node where FTP Server is installed fails, NetWare FTP Server starts on 
other specified nodes in the cluster and the FTP sites on the failed server fail over to other nodes in 
the cluster. 


Cluster enabling in this mode has the following advantages: 


* A common user restriction can be maintained across the cluster setup because only a single 
configuration and restriction file exists in the cluster. The restriction for any eDirectory™ 8.7.3 
user on a particular FTP Server continues even when the FTP service fails over to another node 
in the cluster. 


* The FTP system log files for the cluster can be saved at a common location. 
* User home directory can be saved in the shared volume path. 


* FTP Server status can be monitored using the ftpstat command. This command lets you view 
session-based details such as bytes sent, bytes received, session duration, files sent, files 
received, and current Novell eDirectory context. 


Configuring in Active/Passive Mode 


1 Stop FTP Services by executing unload nwftpd on every node in the cluster. 


2 Edit autoexec.ncf and comment out or remove the ftpstart.ncf entry from every FTP server in each
of the nodes in the cluster. This lets FTP Server be started by NetWare Cluster Services.


3 Create an etc directory in the shared volume directory and copy the FTP Server configuration file
(ftpserv.cfg) and restrictions file (ftprest.txt) to shared_vol_name:/etc.


4 Edit shared_vol_name:/etc/ftpserv.cfg and make the following changes:


* In the RESTRICT_FILE parameter, change the FTP user restrictions file path to
shared_vol_name:/etc/ftprest.txt


* In the FTPD_LOG parameter, change the FTP daemon log file path to shared_vol_name:/etc.


5 Bring the resource status to offline and then modify the load and unload scripts. 


Using ConsoleOne®, select and right-click the Cluster resource object, and then click 
Properties > Scripts > Cluster Resource Load Script and Cluster Resource Unload Script. 


5a Add the following at the end of the existing load script:

load nwftpd -c shared_vol_name:\etc\ftpserv.cfg
load ftpstat


The load script specifies the commands to start the resource or service on a server or to
mount the volume on a server.


5b Add the following at the beginning of the unload script:

unload ftpstat
unload nwftpd

The unload script specifies how the application or resource should terminate.


6 Bring the cluster resource online. 


FTP Server is now configured to work in the active/passive clustering mode. 




4.2.2 Active/Active Mode 


In active/active cluster mode, services of the NetWare FTP Server (nwftpd and ftpstat) run on all
nodes in the cluster.


For example, when a server fails, the FTP sites on that server have transparent failover to other FTP 
servers in the cluster. Only FTP sites move. 


Cluster enabling in this mode has the following advantages: 
* Faster recovery after a failure 
* Effective load balancing 

Prerequisites 


* Ensure that every node in the cluster has the same configuration and restrictions file


* Make sure to use the default load/unload scripts


Configuring in Active/Active Mode 
1 Edit the autoexec.ncf file and uncomment the ftpstart.ncf entry in individual nodes/
servers of the cluster that will run NetWare FTP Server.


2 Bring the resource status to offline and then modify the load/unload scripts.


Using ConsoleOne, select and right-click the Cluster resource object, and then click Properties
> Scripts > Cluster Resource Load Script and Cluster Resource Unload Script.


2a Add the following at the end of the existing load script:

nwftpd -c shared_vol_name:\etc\ftpserv.cfg


The load script specifies the commands to start the resource or service on a server or to
mount the volume on a server.


2b For every FTP Server instance running, add the following at the beginning of the unload
script:


nwftpd -u shared_vol_name:\etc\ftpserv.cfg

The unload script specifies how the application or resource should terminate.


3 Bring the cluster resource online. 


FTP Server is now configured to work in the active/active clustering mode. 


4.3 Upgrading Cluster-Enabled FTP Server 




4.3.1 Active / Passive Cluster Mode 


1 After the upgrade from NetWare 6 Support Pack 3/NetWare 5.1 Support Pack 6 is complete, 
execute unload nwftpd to stop FTP Services running on all the nodes that you are cluster 
enabling. 


2 Edit autoexec.ncf and comment out or remove the nwftpd entry from every FTP server in each 
node in the cluster. 

This lets FTP Server be started by Novell Cluster Services.


3 Bring the resource offline.


4 Complete Step 5 on page 46 to upgrade the cluster setup. 


4.3.2 Active / Active Cluster Mode 


1 Meet the prerequisites listed in “Prerequisites” on page 47.


2 After the upgrade from NetWare 6 Support Pack 3 / NetWare 5.1 Support Pack 6 is complete, 
execute unload nwftpd to stop FTP Services running on all the nodes that you are cluster 
enabling. 


3 Edit autoexec.ncf, and if commented, uncomment nwftpd entry from every FTP server in each 
node in the cluster. 


This lets FTP Server be started by Novell Cluster Services. 


4 Bring the resource offline. 

NetWare FTP Server FAQs


This section discusses the FAQs that the users and system administrators might have while using
NetWare® FTP Server.


5.1 NetWare FTP Server FAQs 


The following are the NetWare FTP Server FAQs: 


Where can I get more information on the FTP Server error messages displayed on
the system console?


Action: Refer to Appendix A, “NetWare FTP Server Messages,” on page 57 for
information on FTP Server error messages.


Why are some file size values displaying as -1? 


Explanation: For the files that are greater than 2 GB in size, NetWare FTP server displays 
file size value as -1. 


For files greater than 4 GB, NetWare FTP Server supports all FTP operations 
except size display and restart. 


Why am I unable to login to NetWare FTP Server even though I have entered valid 
user id and password? 


Explanation: Successful login to NetWare FTP Server requires that a read-write / master
server in the eDirectory tree is up.


Action: Make sure that the read-write / master server in the eDirectory tree is up.


Why is the anonymous user unable to perform any write operation? How can this be
resolved?


Explanation: The anonymous home directory could be in an NFS Gateway volume which
may not have write permission for the Other category in the remote UNIX file
system.


Action: Ensure that the directory in the remote UNIX system corresponding to the 
anonymous home directory of the NFS Gateway volume has write permission 
for Other category. 


Why is the log file not created even though I have specified the name of the
directory?


Explanation: The log file is not created if the filename ends with a backslash ( \ ) or a
forward slash ( / ).


Action: Make sure that the log directory name does not end with a backslash ( \ ) or a
forward slash ( / ).

Why am I unable to navigate to remote servers?


Explanation: Remote Server navigation is not accessible through IP address.


Action: Make sure that you specify the NCP address of the server and not the DNS 
name. 


Why am I not able to see directory listing in my FTP client even after connecting to 
the NetWare FTP server? 


Explanation: The FTP client that you are using might be one which expects UNIX-like file
permissions. The NetWare FTP Server by default sends NetWare trustee rights
along with the files, and therefore this may be incomprehensible to your FTP
client.


Action: Set the PSEUDO_PERMISSIONS parameter to ON in the configuration file
(Default = sys:\etc\ftpserv.cfg). Set the PSEUDO_FILE_PERMISSIONS and
PSEUDO_DIR_PERMISSIONS parameters based on the kind of permissions
you want to display for files and directories respectively in the FTP client.


After connecting to NetWare FTP Server, certain GUI FTP Clients such as Crystal
FTP, FTPSurfer are not displaying contents of the directories. Why does this happen
and how can it be resolved?


Possible Cause: Certain clients expect the directory listing to be in UNIX-like format.


Action: In the configuration file of the NetWare FTP server, set the Pseudo-permissions
to ON.


Why is anonymous user not able to log on to the NetWare FTP server even after 
setting the ANONYMOUS USER ACCESS to on in the configuration file? 


Explanation: The anonymous user might be created manually using a method other than 
nwftpd -a. 


Action: While creating anonymous user like this, make sure that the anonymous user 
has been assigned a blank password and also given proper access rights to the 
anonymous home directory. 


Explanation: The anonymous user login expects an e-mail address as input for the password.
While most FTP servers check only for the at sign (@) in the password,
the NetWare FTP server checks for the at sign (@) followed by at least a single
valid character.


I have an anonymous user account in the DEFAULT_FTP_CONTEXT. Though I am
able to access my anonymous account irrespective of the current context that I am
in, why am I not able to do the same for other user accounts present in the
DEFAULT_FTP_CONTEXT?


Explanation: While all users are searched in the current session context and then also in the
contexts specified in the SEARCH_LIST, the anonymous user is always
searched only in the DEFAULT_FTP_CONTEXT irrespective of the current
session context. The anonymous user is never searched in the contexts
specified in the SEARCH_LIST due to security reasons.


Action: If you want all your users present in a particular context to be able to log in
irrespective of the current session context, then include that context in the
SEARCH_LIST parameter of the configuration file.


Even after I load the FTP server, why am I not able to connect to it from my client?


Explanation: There must have been some problems while loading the FTP Server. (For 
example, another application was using the same port). These problems are 
reported in the logger screen of the NetWare Server. 


Why is dynamic configuration of NetWare FTP Server not working? 


Explanation: Dynamic configuration does not take effect immediately if the configuration file,
ftpserv.cfg, is modified using Notepad or any application from a mapped drive.


Action: Wait for the change to take effect.

or

For the changes to take effect immediately, use the iManager UI utility, or edit
using edit.nlm.


I am unable to get an entire directory from the server and the message "No Such file
or Directory" is displaying. How do I resolve this?


Possible Cause: You might be trying to get the entire directory without having that directory on
your local disk.


Action: Complete the following:


1 Create a directory of the same directory name on the local disk, and then
execute get directory_name.


2 To get all files, do a CD to that directory on the server.


Why am I unable to connect from a MAC IE client to NetWare FTP Server?


Explanation: The MAC IE client prepends a / to the home directory. Therefore, the FTP server
assumes it to be a remote server navigation and does not respond.


How do I make use of SITE Commands?


Explanation: Most FTP clients would have implemented the quote command to send 
arbitrary FTP command to the server. 


Enter quote site help to get the list of valid site commands and use 
quote site site-cmd. 


If your FTP client has not implemented the quote command, then find out 
how to send arbitrary or custom commands from your FTP clients and then 
send site site-cmd to make use of SITE commands. 


The cd multiple dots (cd ../) is not changing to a different volume. Why does this
happen?


Possible Cause: You are trying to access across volumes using the cd multiple dots feature.


Explanation: You cannot traverse across volumes using the cd multiple dots feature.

For example, if you are in /sys (where sys is a volume) and you execute cd ../vol1,
you are placed in / (root) and not in vol1. Even if you specify a fictitious
volume name, such as cd ../fictitious_Vol, NetWare FTP server cannot access
beyond the / with this command. You are placed in / even in this case and no
error is reported.


Action: To change directories across volumes, use the cd command without multiple dots.


How do I return to the main page from the instance data page?


Action: To return to the main page, click Cancel or the ftp task link in the left pane.


Why is the iManager page displaying the default IP Address values even though I 
have entered another value? 


Possible Cause: You might have entered special characters such as @ # $ % & * ( ) ? < > as
values for IP Address or server passive IP address.


Explanation: FTP behaves inconsistently if special characters are entered in the values for IP
address. The ftpstat page displays the value that you enter while the FTP
iManager plug-in field displays the default values for these two parameters. At
times, the FTP page does not come up if special characters are entered.


Action: Click the FTP task link in the left pane of iManager to go to the FTP page again.


On setting the modification time, the file timestamp varies by a second. Is this fine?


Explanation: Yes, when setting the modification time, the result varies from the value
specified by a second.


On a remote server, why are the values retrieved or set by the MDTM command not
complying with its time zone?


Explanation: The get and set values on a file or directory on the remote server will comply with
the local server time values where FTP is running.


Why am I unable to set the last modified time (MDTM) of a file or directory?


Possible Cause: When setting the modified time (mdtm) for a volume, file or directory, your
current working directory might be root ( / ).


Explanation: Setting mdtm for a volume, a file, or a directory using an absolute path
does not work.


Action: To overcome this, change directory to a valid volume or directory and try repeating
the set MDTM operation from there.


At times the FTP client hangs at '150 Opening Data connection...'. Why?


Possible Cause: Certain FTP clients do not handle the error message sent by the server after a
'150 Opening Data connection...' reply.


Action: Abort the FTP data connection and restart the FTP session.

Why is it that a user with write access to a directory can set the timestamps for read-only
files in a directory?


Explanation: This is because of regular NetWare access methods. 


Action: To prevent this, remove the user's access rights to modify time. The related 
rights such as modify, and write that are to be removed are prohibitive. 


What if a user with read-only access tries to get the timestamp of a nonexistent file?


Explanation: If a user with read-only access tries to get the timestamp of a nonexistent file,
then FTP Server returns the Restricted action error instead of Invalid
path.


This is because FTP server now evaluates the mdtm command for both getting and
setting timestamps, but it cannot evaluate the possibility of setting the
timestamp for read-only users.


Why does the FTP binding and loading fail when I set the 
FORCE PASSIVE ADDRESS as DNS name? 


Explanation: Make sure that this value is in the standard IP address format and does not
exceed 15 characters. The IP address should be valid and it should not contain
any special characters such as @ # $ % & * ( ) ? < > ;.


5.2 Configuring FTP Server Using iManager 


The following are FAQs about configuring FTP Server using iManager:


While upgrading the iManager snap-ins from iManager configuration, the message
"This package has an earlier version than the module that is currently installed.
Installation has been cancelled." displays. How can I resolve this?


Action: To resolve this and install the latest FTP iManager snap-ins, delete the 
previous module. 


To delete the module, go to iManager menu > Configure > iManager 
configuration > Modules. 


How do I resolve the error message “failed to unload the instance" when using
multiple instance administration?


Explanation: You might have unloaded multiple instances consecutively.


Action: Complete the following:


1 Click the Close button to come back to the main page. This is because unload
instance has failed.


2 Click the Refresh button to know the status of the instance.

In the FTP Administration through iManager page, hitting the Enter key after typing
the server name does not display anything.


Action: The Enter key functionality is not supported in this page. Instead of
typing in the server name, the user can select the server by clicking the Object
Selector icon. This displays a list of available FTP server instances.


Why is it that when I access the FTPStat page using the Monitor active FTP Sessions
link in the FTP Server Administration Page and refresh it, the page contents do not
refresh and turn blank instead?


Explanation: The FTP Server Administration Page refreshes automatically every 10 
seconds. Because manual refresh is not supported, manually refreshing the 
page leads to a blank page. This behavior does not exist in other pages in 
ftpstat; pages other than the first page can be manually refreshed. 


Action: To view the refreshed page, click the Monitor active FTP Sessions link in the 
FTP Server Administration Page. 


When I do a Ctrl N (^n) on the configuration page of ftpstat, a new browser window (with
URL window contents displaying IP address and port) is launched with the same page
contents in the new window though ftpstat is now over a secure connection. Why is it so?


Explanation: When you execute Ctrl+N on the ftpstat page, the browser launches a new session
with the same URL in a new window. ftpstat on the server, however, cannot
distinguish it from the previous page, as browser clients do not distinguish between
the old page and the newly opened window for the server to be aware of this. This
results in display of the same contents of the page in the new browser window. This is
an issue with browser behavior and not with ftpstat.


Is the FTP iManager plug-in well supported by all browsers? 


Explanation: Yes, it is. However, some of the browsers do not handle the ftpstat session 
timeout well. At times, the browser prompts the user to open/save file to disk 
for the cookie. 


Also, after 20 minutes, the session timeout message might not be displayed properly by
some of the browsers. There could be broken contents on the page.


Action: These do not affect the FTP Server functionality. Ignore the browser prompt to 
open or save the file to disk for the cookie. 


Ignore the broken contents and open a new session by clicking the 'Monitor 
Active Sessions' in iManager again. 


5.3 Localization Issues 


The following are the NetWare FTP Server localization FAQs: 

When using FTP Server on a Japanese language machine, the user is not placed in
the home directory. How can I resolve this?


Action: To resolve this, replace backslashes (\) with forward slashes (/) as path
separators in the user's home directory path. In ConsoleOne®, right-click User,
then click Properties > General > Environment > Modify.


Does FTP Server support files and directories created in a DOS name space on a
server with double-byte characters?


Explanation: If you create a file or directory in a DOS name space on a server with double-
byte characters, the file or directory is created on that server with the name
specified. However, the message to the FTP client might contain a different
file or directory name. This happens in particular with the 0x8374 character in
Shift_JIS, 30D5 in Unicode*, which is converted to 0x8354 in Shift_JIS,
30B5.

NetWare FTP Server Messages


This section explains NetWare FTP Server messages along with possible causes and suggested 
actions to resolve the problem. 


A.1 NWFTPD Messages 


Failed to bind to FTP port 
Source: nwftpd.nlm 
Explanation: The port that the NetWare FTP Server is trying to bind is busy. 


Possible Cause: Another instance of the NetWare FTP Server or another application is bound to 
the port. 


Action: Unload the application that is bound to the port, or bind the NetWare FTP 
Server to a different port. 


Failed to initialize Anonymous user 
Source: nwftpd.nlm 
Explanation: The NetWare FTP Server failed to create an anonymous user. 
Possible Cause: Incorrect data was entered to create the user. 
Action: Use the following syntax: 


nwftpd -a [-c [volname:[/dirname/...]]myconfig.cfg]


Failed to add Anonymous User object to NDS 
Source: nwftpd.nlm 
Possible Cause: The administrator user entered has insufficient rights. 


Action: When prompted for the name of the administrator, enter a user with sufficient 
rights. 


Failed to generate an ObjectKeyPair for the Anonymous User 
Source: nwftpd.nlm 


Possible Cause: The anonymous user entered has insufficient rights. 


Action: Ensure that the anonymous user has sufficient rights. 


Failed to open configuration file 
Source: nwftpd.nlm 
Possible Cause: The configuration file is not available at specified location. 


Action: Verify if the configuration file is available at the specified location. 

Unable to find default configuration file
Source: nwftpd.nlm 
Possible Cause: Configuration file is not available at the default location (sys:/etc). 


Action: Verify if the configuration file is available at the default location. 


Unable to locate Anonymous user in default context 
Source: nwftpd.nlm 


Possible Cause: SYS:ETC\HOSTS has an incorrect or missing entry for its own server address
and name, or the anonymous user does not exist at the NetWare FTP Server's
context.


Action: Verify that sys:etc\hosts contains an entry for its own server, in the format:


ip_address servername


Run nwftpd -a to create the anonymous user and reload nwftpd.


USAGE : nwftpd [-a] [-c <Config File>] [-d]
Source: nwftpd.nlm
Possible Cause: The user might have tried to load nwftpd.nlm with wrong usage.


Action: To load FTP Server with the default configuration file, enter the following
command:


nwftpd

To create the anonymous user, use the following command:

nwftpd -a


To load FTP Server with a specific configuration filename, enter the
following command syntax:


nwftpd -c [volname:[/dirname/...]]myconfig.cfg

To disable dynamic configuration updates, enter the following command:

nwftpd -d

Aborting load. Configuration file not found. 


Possible Cause: The configuration file was not found in the location specified. 


Action: Verify that the configuration file exists in the location specified. 


UNLOAD_THIS_INSTANCE parameter set in the configuration file. Unloaded the 
corresponding instance. 


Possible Cause: The UI administration utility might have opted to stop this instance. 

Failed to get Server Context.


Action: Verify the Server context. If it is a bindery context, then give a valid context, or
set the DEFAULT_FTP_CONTEXT parameter of the configuration file.


Failed to create ContextHandle for FTPServer retcode=n 
Possible Cause: DS Failure 


Action: 


A.2 Anonymous User Creation 


Login failed for user 
Possible Cause: The password might be invalid or the user does not exist. 


Action: Give the Admin User Id (or User Id with security equivalent to admin) and 
password. 


Failed to map Name to ID. Trying to contact Master server. This could take several 
minutes. 


Possible Cause: The server might be a read-only / non-replica server and the master server is
down, or the anonymous user object just created might not yet have synchronized to
the master server.


Action: Try again after some time.


Failed to allocate and initialize NDS buffers. 
Possible Cause: Inadequate system memory. 


Action: Free some system memory. 


Failed to add Anonymous user object to NDS. 


Possible Cause: User name should have security equivalent to admin to create anonymous user 
object. 


Action: Create using admin user (or user with security equivalent to admin) and
password


Failed to generate an ObjectKeyPair for the Anonymous object.


Possible Cause: User name should have security equivalent to admin to create anonymous user 
object. 


Action: Create using admin user (or user with security equivalent to admin) and 
password 


Failed to open a connection with the local server 
Possible Cause: The NCP connection table might be full. 

Action: Do the following:


1 Load monitor.nlm


2 Clear the connections that are not required.


Failed to authenticate with the local server 
Possible Cause: 


Action: 


Failed to create Anonymous home directory 


Possible Cause: User name might not have security equivalent to admin to create anonymous
user object.

or

Volume does not exist

or

Directory I/O error

or

Hardware failure


Failed to add rights to Anonymous user 


Possible Cause: User name might not have security equivalent to admin to create anonymous
user object.

or

Server might be out of memory.

or

Volume does not exist

or

Directory I/O error

or

Hardware failure


Failed to initialize Anonymous user access. 


Possible Cause: User entered should be security equivalent to admin user.

or

Insufficient memory

or

Local server might be a read only/ no replica server and the master server is
down or not reachable.

or

Connection table might be full.


A.3 FTPSTAT Messages 


USAGE: ftpstat [-p <port number>]
Possible Cause: The user might have tried to load ftpstat.nlm with wrong usage.
Action: To load ftpstat with the default port number (2500), enter the following command:

ftpstat


To load ftpstat on a different port number, use the following command syntax:


ftpstat -p port_number


Unable to bind to port


Possible Cause: The port that ftpstat.nlm is trying to bind is busy. Another instance of
ftpstat.nlm or another application might be bound to the port.


Action: Unload the application that is bound to the port, or bind ftpstat to a
different port.


Invalid port number, binding to default port, valid range is 1 to 65534


Action: Give a valid port number.


A.4 FTPUPGRD Messages 


Could not create the .cfg file. 
Source: FtpUpgrd.nlm 


Possible Cause: Configuration file does not exist for NetWare FTP Server upgrade, or the 
existing configuration file has read-only access. 


Action: Modify the file access if it is read-only or specify proper configuration file 
name with the following command: 


ftpupgrd [-c [volname:[/dirname/...]]myconfig.cfg]


Could not create the NetWare FTP Server Restriction file. 
Source: FtpUpgrd.nlm 


Possible Cause: Restriction file does not exist for NetWare FTP Server upgrade, or existing 
Restriction file has read-only access. 

Action: Modify the file access if it is read-only or specify proper restriction filename.


Failed to upgrade. 
Source: FtpUpgrd.nlm 


Possible Cause: Configuration file does not exist for NetWare FTP Server upgrade, or existing 
configuration file has read-only access, or the restriction file does not exist for 
NetWare FTP Server upgrade, or the existing Restriction file has read-only 
access 


Action: Modify the file access if it's read-only or specify proper configuration file
name with the following command. Modify the file access if it is read-only or
specify proper restriction filename.


ftpupgrd [-c [volname:[/dirname/...]]myconfig.cfg]


Correct Usage: ftpupgrd [-c <Config File>]
Source: FtpUpgrd.nlm 


Possible Cause: User might have tried to load FTPUPGRD.NLM with wrong usage. 


Action: Use the specified usage: 


ftpupgrd [-c [volname:[/dirname/...]]myconfig.cfg]

Documentation Updates


B.1 March 8, 2006 


* Added new section Section 3.3.9, “SubTree Search Support,” on page 41 


* Added new section Section 3.4, "Security Guidelines," on page 43 


B.2 December 23, 2005 


* Added TRANSMITFILE SUPPORT parameter in Table 2-1 on page 13. 
* Added the description for the parameter SEARCH LIST in the Table 2-2 on page 18. 
* Added the functionality for the new feature of SubTree Search Support (page 41)


B.3 August 19, 2005 


* Updated the Section 1.1, “What's New,” on page 9 to reflect the changes for OES Support Pack
1.


* Added the functionality for the new feature of Setting Modification Time (page 40).


* Added the description for the parameter FORCE PASSIVE ADDR in the General 
Configuration Parameters (page 13). 


* Updates in Dynamic Configuration Updates (page 25), and “Initializing Multiple Instances" on 
page 33. 


* Updates in “NetWare FTP Server FAQs" on page 49. 


* Updates in “Accessing a Remote Server" on page 30. 


B.4 May 9, 2005 


* Changed references of iManager 2.0 to iManager 2.5. 


* Updated the reference for Installation and Setup for OES Novell Cluster Services 1.8 
Administration Guide for NetWare. 


* Added an appendix with Documentation Updates information. 

